[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 21 20:12:21 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b53a10f5 by security tracker role at 2023-12-21T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2023-7047 (Inadequate validation of permissions when employing remote tools and   ...)
+	TODO: check
+CVE-2023-7042 (A null pointer dereference vulnerability was found in ath10k_wmi_tlv_o ...)
+	TODO: check
+CVE-2023-7041 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2023-7040 (A vulnerability classified as problematic was found in codelyfe Stupid ...)
+	TODO: check
+CVE-2023-7039 (A vulnerability classified as critical has been found in Beijing Baich ...)
+	TODO: check
+CVE-2023-7038 (A vulnerability was found in automad up to 1.10.9. It has been rated a ...)
+	TODO: check
+CVE-2023-7037 (A vulnerability was found in automad up to 1.10.9. It has been declare ...)
+	TODO: check
+CVE-2023-7036 (A vulnerability was found in automad up to 1.10.9. It has been classif ...)
+	TODO: check
+CVE-2023-7035 (A vulnerability was found in automad up to 1.10.9 and classified as pr ...)
+	TODO: check
+CVE-2023-6546 (A race condition was found in the GSM 0710 tty multiplexor in the Linu ...)
+	TODO: check
+CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-6122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-5989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-5988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-5594 (Improper validation of the server\u2019s certificate chain in secure t ...)
+	TODO: check
+CVE-2023-51655 (In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible ...)
+	TODO: check
+CVE-2023-51442 (Navidrome is an open source web-based music collection server and stre ...)
+	TODO: check
+CVE-2023-51052 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
+	TODO: check
+CVE-2023-51051 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
+	TODO: check
+CVE-2023-51050 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
+	TODO: check
+CVE-2023-51049 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
+	TODO: check
+CVE-2023-51048 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
+	TODO: check
+CVE-2023-50834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50832 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50829 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50826 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50825 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50824 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50822 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50732 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-50724 (Resque (pronounced like "rescue") is a Redis-backed library for creati ...)
+	TODO: check
+CVE-2023-50481 (An issue was discovered in blinksocks version 3.3.8, allows remote att ...)
+	TODO: check
+CVE-2023-50477 (An issue was discovered in nos client version 0.6.6, allows remote att ...)
+	TODO: check
+CVE-2023-50475 (An issue was discovered in bcoin-org bcoin version 2.2.0, allows remot ...)
+	TODO: check
+CVE-2023-50473 (Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI vers ...)
+	TODO: check
+CVE-2023-50377 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50119
+	REJECTED
+CVE-2023-4256 (Within tcpreplay's tcprewrite, a double free vulnerability has been id ...)
+	TODO: check
+CVE-2023-4255 (An out-of-bounds write issue has been discovered in the backspace hand ...)
+	TODO: check
+CVE-2023-49826 (Deserialization of Untrusted Data vulnerability in PenciDesign Soledad ...)
+	TODO: check
+CVE-2023-49778 (Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa ...)
+	TODO: check
+CVE-2023-49765 (Authorization Bypass Through User-Controlled Key vulnerability in Blaz ...)
+	TODO: check
+CVE-2023-49762 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-49162 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-48288 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-48116 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored X ...)
+	TODO: check
+CVE-2023-48115 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored D ...)
+	TODO: check
+CVE-2023-48114 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored X ...)
+	TODO: check
+CVE-2023-47527 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-47525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-47191 (Authorization Bypass Through User-Controlled Key vulnerability in Kain ...)
+	TODO: check
+CVE-2023-46791 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+	TODO: check
+CVE-2023-45127 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45126 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45125 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45124 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45123 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45122 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45121 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45120 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45119 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45118 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45117 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45116 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-45115 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
+	TODO: check
+CVE-2023-44482 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...)
+	TODO: check
+CVE-2023-44481 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...)
+	TODO: check
+CVE-2023-40058 (Sensitive data was added to our public-facing knowledgebase that, if e ...)
+	TODO: check
+CVE-2023-32799 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
+	TODO: check
+CVE-2023-32747 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
+	TODO: check
+CVE-2023-32242 (Deserialization of Untrusted Data vulnerability in xtemos WoodMart - M ...)
+	TODO: check
+CVE-2023-2487 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
 CVE-2023-XXXX [SMTP smuggling attack]
 	- postfix <unfixed> (bug #1059230)
 	NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
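Review bot: The added CVE-2023-5594 line carries a literal "\u2019" in its description ("server\u2019s certificate chain") where an apostrophe belongs, which looks like an undecoded escape from the feed; decode it before the description is written to data/CVE/list. Separately, every entry added in this block lands as "TODO: check", including ones whose descriptions name tcpreplay's tcprewrite (CVE-2023-4256) and the GSM 0710 tty multiplexor (CVE-2023-6546). A follow-up triage commit should give each one a package line or a NOT-FOR-US marker, as the already-triaged entries elsewhere in the file have.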
@@ -6,15 +162,15 @@ CVE-2023-XXXX [SMTP smuggling attack]
 	NOTE: postfix: https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html
 	NOTE: postfix: Short-term Mitigation: smtpd_forbid_unauth_pipelining = yes
 	TODO: track other major mailserver implementations
-CVE-2023-48291
+CVE-2023-48291 (Apache Airflow, in versions prior to 2.8.0, contains a security vulner ...)
 	- airflow <itp> (bug #819700)
-CVE-2023-47265
+CVE-2023-47265 (Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerab ...)
 	- airflow <itp> (bug #819700)
-CVE-2023-49920
+CVE-2023-49920 (Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that  ...)
 	- airflow <itp> (bug #819700)
-CVE-2023-50783
+CVE-2023-50783 (Apache Airflow, versions before 2.8.0, is affected by a vulnerability  ...)
 	- airflow <itp> (bug #819700)
-CVE-2023-51656
+CVE-2023-51656 (Deserialization of Untrusted Data vulnerability in Apache IoTDB.This i ...)
 	NOT-FOR-US: Apache IoTDB
 CVE-2023-XXXX [RUSTSEC-2023-0075]
 	- rust-unsafe-libyaml <unfixed> (bug #1059234)
@@ -25,6 +181,7 @@ CVE-2023-7026 (A vulnerability was found in Lightxun IPTV Gateway up to 20231208
 CVE-2023-7025 (A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0. ...)
 	NOT-FOR-US: KylinSoft hedron-domain-hook
 CVE-2023-7024
+	{DSA-5585-1}
 	- chromium 120.0.6099.129-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-7023 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has been ra ...)
@@ -397,22 +554,25 @@ CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish Arora
 CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4 and cla ...)
 	NOT-FOR-US: pedroetb tts-api
 CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally signed text ...)
+	{DSA-5582-1}
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762
 CVE-2023-50761 (The signature of a digitally signed S/MIME email message may optionall ...)
+	{DSA-5582-1}
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
 CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.  This iss ...)
-	{DSA-5581-1}
+	{DSA-5582-1 DSA-5581-1}
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
 CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs showed e ...)
+	{DSA-5582-1}
 	- firefox 121.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873
 CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...)
-	{DSA-5581-1}
+	{DSA-5582-1 DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
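Review bot: {DSA-5582-1} is added to CVE-2023-6873, but that entry lists only "- firefox 121.0-1" with an mfsa2023-56 NOTE and has no thunderbird line, while every other entry that receives DSA-5582-1 in this hunk carries "- thunderbird 1:115.6.0-1". Either add the thunderbird package line and the matching advisory NOTE to CVE-2023-6873, or confirm that the cross-reference belongs on this entry.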
@@ -441,7 +601,7 @@ CVE-2023-6868 (In some instances, the user-agent would allow push requests which
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
 CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...)
-	{DSA-5581-1}
+	{DSA-5582-1 DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -455,7 +615,7 @@ CVE-2023-6867 (The timing of a button click causing a popup to disappear was app
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
 CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...)
-	{DSA-5581-1}
+	{DSA-5582-1 DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -466,7 +626,7 @@ CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling.
 	- firefox 121.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
 CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...)
-	{DSA-5581-1}
+	{DSA-5582-1 DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -474,7 +634,7 @@ CVE-2023-6859 (A use-after-free condition affected TLS socket creation when unde
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
 CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment`  ...)
-	{DSA-5581-1}
+	{DSA-5582-1 DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -482,7 +642,7 @@ CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragm
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
 CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to  ...)
-	{DSA-5581-1}
+	{DSA-5582-1 DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -496,7 +656,7 @@ CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialize
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
 CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...)
-	{DSA-5581-1}
+	{DSA-5582-1 DSA-5581-1}
 	- firefox 121.0-1
 	- firefox-esr 115.6.0esr-1
 	- thunderbird 1:115.6.0-1
@@ -2897,7 +3057,7 @@ CVE-2023-35618 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
 CVE-2023-32460 (Dell PowerEdge BIOS contains an improper privilege management security ...)
 	NOT-FOR-US: Dell
 CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral  ...)
-	{DLA-3689-1}
+	{DSA-5584-1 DLA-3689-1}
 	[experimental] - bluez 5.70-1.1~exp0
 	- bluez 5.70-1.1 (bug #1057914)
 	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
@@ -15075,7 +15235,7 @@ CVE-2023-4129 (Dell Data Protection Central, version 19.9, contains an Inadequat
 	NOT-FOR-US: Dell
 CVE-2023-4003 (One Identity Password Manager version 5.9.7.1 -An unauthenticated atta ...)
 	NOT-FOR-US: One Identity Password Manager
-CVE-2023-2585
+CVE-2023-2585 (Keycloak's device authorization grant does not correctly validate the  ...)
 	NOT-FOR-US: Keycloak
 CVE-2023-2422 (A flaw was found in Keycloak. A Keycloak server configured to support  ...)
 	NOT-FOR-US: Keycloak
@@ -42403,8 +42563,8 @@ CVE-2023-28423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28422 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Mage ...)
 	NOT-FOR-US: WooCommerce plugin
-CVE-2023-28421
-	RESERVED
+CVE-2023-28421 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
 CVE-2023-28420 (Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28419 (Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Fo ...)
@@ -60086,8 +60246,8 @@ CVE-2023-22676
 	RESERVED
 CVE-2023-22675
 	RESERVED
-CVE-2023-22674
-	RESERVED
+CVE-2023-22674 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
 CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22672 (Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Mul ...)
@@ -71720,8 +71880,8 @@ CVE-2022-45379 (Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier
 	NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2022-45378 (In the default configuration of Apache SOAP, an RPCRouterServlet is av ...)
 	NOT-FOR-US: Apache SOAP
-CVE-2022-45377
-	RESERVED
+CVE-2022-45377 (Unrestricted Upload of File with Dangerous Type vulnerability in Glen  ...)
+	TODO: check
 CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b53a10f54b3672e758b79d1fc1f49161ff3668f0
